Search criteria
2 vulnerabilities found for trackr by thetrackr
VAR-201807-0064
Vulnerability from variot - Updated: 2025-01-30 21:16The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Trackr The device contains an information disclosure vulnerability.Information may be obtained. TrackR Bravo is prone to multiple information-disclosure and security-bypass vulnerabilities. An attacker can exploit this issue to gain access to sensitive information or bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trackr",
"scope": "lt",
"trust": 1.0,
"vendor": "thetrackr",
"version": "2.2.5"
},
{
"model": "trackr",
"scope": "lt",
"trust": 1.0,
"vendor": "thetrackr",
"version": "5.1.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trackr",
"version": null
},
{
"model": "trackr",
"scope": null,
"trust": 0.8,
"vendor": "trackr",
"version": null
},
{
"model": "bravo",
"scope": "eq",
"trust": 0.3,
"vendor": "trackr",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:thetrackr:trackr_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inc.,Deral Heiland and Adam Compton of Rapid7",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
],
"trust": 0.6
},
"cve": "CVE-2016-6539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2016-6539",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.1,
"id": "CVE-2016-6539",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6539",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2016-6539",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-774",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can be used to track devices. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. TrackR Bravo contains multiple vulnerabilities including sensitive information exposure and missing authentication. Trackr The device contains an information disclosure vulnerability.Information may be obtained. TrackR Bravo is prone to multiple information-disclosure and security-bypass vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information or bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6539"
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "BID",
"id": "93874"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#617567",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2016-6539",
"trust": 2.8
},
{
"db": "BID",
"id": "93874",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"id": "VAR-201807-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"industrial device"
],
"sub_category": "tracker",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T21:16:39.080000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.thetrackr.com/jp/"
},
{
"title": "TrackR Bravo Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99594"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/617567"
},
{
"trust": 2.4,
"url": "https://www.kb.cert.org/vuls/id/tnoy-af3kcz"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93874"
},
{
"trust": 1.6,
"url": "https://blog.rapid7.com/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities/"
},
{
"trust": 1.1,
"url": "https://www.thetrackr.com/bravo"
},
{
"trust": 1.1,
"url": "https://community.rapid7.com/community/infosec/blog/2016/10/25/multiple-bluetooth-low-energy-ble-tracker-vulnerabilities"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6539"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6539"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CERT/CC",
"id": "VU#617567"
},
{
"db": "BID",
"id": "93874"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-25T00:00:00",
"db": "CERT/CC",
"id": "VU#617567"
},
{
"date": "2016-10-25T00:00:00",
"db": "BID",
"id": "93874"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"date": "2016-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"date": "2018-07-06T21:29:00.280000",
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-27T00:00:00",
"db": "CERT/CC",
"id": "VU#617567"
},
{
"date": "2016-10-26T01:17:00",
"db": "BID",
"id": "93874"
},
{
"date": "2018-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009178"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-774"
},
{
"date": "2024-11-21T02:56:18.943000",
"db": "NVD",
"id": "CVE-2016-6539"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TrackR Bravo contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#617567"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-774"
}
],
"trust": 0.6
}
}
VAR-202005-0469
Vulnerability from variot - Updated: 2024-11-23 22:33TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. TrackR The device contains a vulnerability related to lack of authentication.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Phone Halo TrackR is a lost key finding device of American Phone Halo company.
Phone Halo TrackR 2020-05-06 and previous versions have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0469",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trackr",
"scope": "lte",
"trust": 1.0,
"vendor": "thetrackr",
"version": "2020-05-06"
},
{
"model": "trackr",
"scope": "eq",
"trust": 0.8,
"vendor": "trackr",
"version": "2020/05/06"
},
{
"model": "halo trackr",
"scope": "lte",
"trust": 0.6,
"vendor": "phone",
"version": "\u003c=2020-05-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:thetrackr:trackr_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
}
]
},
"cve": "CVE-2020-13425",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-13425",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005678",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2020-34651",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-13425",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005678",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13425",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005678",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-34651",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-1155",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-13425",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "VULMON",
"id": "CVE-2020-13425"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1155"
},
{
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. TrackR The device contains a vulnerability related to lack of authentication.Information is tampered with and service operation is interrupted (DoS) It may be put into a state. Phone Halo TrackR is a lost key finding device of American Phone Halo company. \n\r\n\r\nPhone Halo TrackR 2020-05-06 and previous versions have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13425"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "VULMON",
"id": "CVE-2020-13425"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13425",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-34651",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48222",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1155",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-13425",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "VULMON",
"id": "CVE-2020-13425"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1155"
},
{
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"id": "VAR-202005-0469",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
}
]
},
"last_update_date": "2024-11-23T22:33:27.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.thetrackr.com/"
},
{
"title": "Patch for Phone Halo TrackR Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/223095"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-862",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://secretdiary.ninja/index.php/2020/05/06/trackr-users-private-information-exposed/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13425"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13425"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48222"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/862.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "VULMON",
"id": "CVE-2020-13425"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1155"
},
{
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"db": "VULMON",
"id": "CVE-2020-13425"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-1155"
},
{
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"date": "2020-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13425"
},
{
"date": "2020-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"date": "2020-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1155"
},
{
"date": "2020-05-23T20:15:10.723000",
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-34651"
},
{
"date": "2020-05-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-13425"
},
{
"date": "2020-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005678"
},
{
"date": "2020-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-1155"
},
{
"date": "2024-11-21T05:01:13.980000",
"db": "NVD",
"id": "CVE-2020-13425"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1155"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TrackR Vulnerability in lack of authentication on device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005678"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-1155"
}
],
"trust": 0.6
}
}